* update sql parameter page

* Flamber edits

Co-authored-by: flamber <1447303+flamber@users.noreply.github.com>

* revisions

* add mongo example

Co-authored-by: flamber <1447303+flamber@users.noreply.github.com>

* Change query_cache.results column to correct blob type

Add Liquibase changeSet to modifyDataType of query_cache.results to ${blob.type} (an idempotent operation on most DBs)

Add schema migrations test to confirm, which simulates the broken app DB state, then runs the migration, then confirms the fixed type

* update postcss deps

* update the postcss config

* replace color fn with color-mod fn

* remove webpack-postcss-tools

* fix postcss config

* fix negated vars

* Speed up interger or string recognition

jeff helpfully pointed this out. I did some repl benchmarks

```clojure
(comment
  (doseq [x ["3" "bob"]]
    (dotimes [_ 3] (time (dotimes [_ 10000] (try (Integer/parseInt x)
                                                  (catch NumberFormatException _ x))))))
  (doseq [x ["3" "bob"]]
    (dotimes [_ 3] (time (dotimes [_ 10000] (if (re-matches #"\d+" x)
                                              (Integer/parseInt x)
                                              x))))))

tiles-test=> (doseq [x ["3" "bob"]]
               (dotimes [_ 3] (time (dotimes [_ 10000] (try (Integer/parseInt x)
                                                            (catch NumberFormatException _ x))))))
"Elapsed time: 5.72825 msecs"
"Elapsed time: 1.531042 msecs"
"Elapsed time: 0.797041 msecs"
"Elapsed time: 32.120875 msecs"
"Elapsed time: 27.848375 msecs"
"Elapsed time: 23.820542 msecs"
nil
tiles-test=> (doseq [x ["3" "bob"]]
               (dotimes [_ 3] (time (dotimes [_ 10000] (if (re-matches #"\d+" x)
                                                         (Integer/parseInt x)
                                                         x)))))
"Elapsed time: 5.356417 msecs"
"Elapsed time: 1.97225 msecs"
"Elapsed time: 1.868708 msecs"
"Elapsed time: 1.214666 msecs"
"Elapsed time: 1.185625 msecs"
"Elapsed time: 1.19025 msecs"
nil
tiles-test=>
```

* Only select lat/lon fields in api/tiles

We required the index of lat and long columns, ran the whole query, and
then just grabbed those columns in a `(for [row rows] [(nth row
lat-idx)..])`. But of course we can just update the fields we want to
select in the query.

MBQL and native queries flow through this codepath depending on the
source of the query of the card being mapped. For mbql queries, it is
straightforward, add a filter on the lat long and replace the fields
with just lat and long fields. For native, we nest the native query as a
nested query and then proceed on the resulting mbql query. The only
difference is requiring the type annotation for the field type.

mbql field: [:field 32 nil] vs [:field "latitude" {:base-type :type/Float}]

This addresses memory concerns. The query is not limited and we don't
need to select an entire row for these purposes. Dropping lots of text
fields, id fields, etc could save quite a bit of memory when resolving
the entire result set in memory.

* Add limit to number of coordinates per tile

these queries were unbounded in getting coordinates for each tile. But
in a visualization, can there really be more information provided? We
were leaving them unbounded and getting back millions of rows (reported
on #4844). So we were adding unnecessary detail at the price of OOM
errors.

Note tests have been changed to show that the limit of the original mbql
query is clobbered and the limit of the original native query is only
present in the nested query whereas the outer query selects its own
limit.

As always, should this number be exposed as a setting? Configurable in
the UI? Leaving as a hardcoded and documented number for the moment.

* docstring

* Remove col indices from api/tiles

since we just select the actual columns we want, we no longer need the
index in the results of those cols. they are always the first and second
columns

* Trim final slash on url

* Nest qbnewb under /modal to allow for other modals

move the api from api/user/:id/qbnewb -> api/user/:id/modal/qbnewb to
allow for the upcoming new dismissable modal

* Add additional datasetnewb route

staying with the same naming scheme as qbnewb. the db field is
is_datasetnewb, the route just takes datasetnewb.

I'm not wild about the default is true, set to false, and the naming
scheme. But will be easier to migrate and easier for FE to use if we
continue the defaults/logic etc.

* Remark on db change in migration file

Disable these tests for Redshift, since they are consistently failed with Out of Memory errors (#18935)

* pivot-parameter-dataset-test
* pivot-public-dashcard-test

Re-enable if/when #18834 is resolved

Co-authored-by: Maz Ameli <maz@metabase.com>

* add waterfall static viz

* review fixes

* Slightly simplify QuestionDataSource

* Extract and cleanup HeaderBreadcrumbs

* Only keep database icon in breadcrumbs

* Fix object ID not shown in detail view

* Use `text-light` color for CollectionBadge

* Support icon name as a prop of Badge

* Add `inactiveColor` prop to Badge

* Unify head and subhead breadcrumb components

* Fix ad-hoc view items alignment

* Fix invalid CSS

* Use isStructured question method

* Fix filters display in adhoc question header

* Fix E2E selector

* Fix saved question filters alignment

Secrets 🔐 PR 5 - Translate secret connection-properties into existing types understood by frontend (#18236)

* Translate secret connection-properties into existing types understood by frontend

For all :type :secret properties, before returning over the wire (i.e. from `available-drivers-info`), translate the connection-property into one or more new client side properties, using the existing types, to encapsulate the behavior of that individual secret "unit".  Depending on the :secret-kind and hosting environment, this could mean there are multiple additional properties injected (one for the file upload versus local path option field, one for the value itself on upload, and one for the file path)

Adding utility function to do the reverse (i.e. translating those client side properties back to the server secret property definition)

Adding tests for both (including updating secret-test-driver to cover all of these)

Add support for the treat-before-posting connection property config

* Fix bug in `delete-orphaned-secrets!`

* Add `hasPlugin` check to moderation plugin

* Remove border from QuestionModerationSection

* Remove padding from question description

* Reorder imports and exports

* Remove not used prop

* Manage section border in the sidebar

* Add tests for question details sidebar

* Add basic dataset management section

* Add icon for dataset > question action

* Test dataset —> question change

* Add ability to turn a dataset into a question

* Use HTML buttons for dataset management

* Show question verification section

* Fix datasets e2e test helper

* Fix hover effect for dataset action buttons

* Fix question sidebar button alignment

* Use CSS to handle sidebar border

* Use SameSite=None for EMBEDDED_SESSION and DEVICE cookies

 - EMBEDDED_SESSION previously did not specify SameSite attribute
   and assumed that the browser would default to SameSite=None, but
   recent browsers default to SameSite=Lax which does not work
   with cross-domain full-app embedding.
 - DEVICE was previously set to SameSite=Lax causing devices to not
   be remembered during login with cross-domain full-app embedding
   resulting in superfluous "We've Noticed a New Metabase Login"
   emails. Setting it to SameSite=None is safe because the cookie is
   not used to authenticate a user.

* Only print SameSite warning if not over https

`embedding-app-origin` may contain multiple origins but postMessage
supports only a single origin, so we need to use `*` instead.

The risk should be very low because
 - the data we send is not sensitive data (frame size, current URL)
 - we are already using frame ancestor policy to limit domains that
   can embed Metabase

Update new BigQuery driver to only use project-id in qualified names if it differs from credentials (#18843)

* Update new BigQuery driver to only use project-id in qualified names if it differs from credentials

Add new key to db-details for :bigquery-cloud-sdk when a database is updated, called :project-id-from-credentials, and extract the project-id from the service account creds when the database is saved

Updating logic in bigquery-cloud-sdk QP to only include the project-id when qualifying an Identifier, if the project-id (override) value is set, and its value differs from the :project-id-from-credentials value mentioned above

Adding a test to confirm that a card query continues to work after changing the associated DB's driver from :bigquery to :bigquery-cloud-sdk

Change all syncs in the test to {:scan :schema} to speed them up (deeper level not needed)

multiple user groups from Okta

* Added documentation on how to connect to Google Analytics

* Added section explaining how to enable Google Analytics API

* Reduced png size by 35 percent using optipng

* Update docs/administration-guide/databases/google-analytics.md

Co-authored-by: Jeff Bruemmer <jeffbruemmer@gmail.com>

* Update docs/administration-guide/databases/google-analytics.md

Co-authored-by: Jeff Bruemmer <jeffbruemmer@gmail.com>

* Update docs/administration-guide/databases/google-analytics.md

Co-authored-by: Jeff Bruemmer <jeffbruemmer@gmail.com>

* Update docs/administration-guide/databases/google-analytics.md

Co-authored-by: Jeff Bruemmer <jeffbruemmer@gmail.com>

* Update docs/administration-guide/databases/google-analytics.md

Co-authored-by: Damon P. Cortesi <d.lifehacker@gmail.com>

* Update docs/administration-guide/databases/google-analytics.md

Co-authored-by: Damon P. Cortesi <d.lifehacker@gmail.com>

* Removed reference to Google Analytics versions for API scopes

* Update docs/administration-guide/databases/google-analytics.md

Co-authored-by: etoulas <etoulas@users.noreply.github.com>

* Editing the Google Analytics docs

Co-authored-by: Leandro Lamaison <leandro.lamaison@ank.app>
Co-authored-by: Leandro Lamaison <69637098+lama-ank@users.noreply.github.com>
Co-authored-by: Jeff Bruemmer <jeffbruemmer@gmail.com>
Co-authored-by: Damon P. Cortesi <d.lifehacker@gmail.com>
Co-authored-by: etoulas <etoulas@users.noreply.github.com>

* add progress static viz

* fix negative values, amend contract

* Add backend support for keystore type secrets

Adding code to handle keystore type secrets

Adding test code to create and verify a keystore through the secret DB roundtrip

Adding util fn to secret namespace for converting the value to file, and adding test for that

* Support datasets in search

* Extend SearchResult not to be a link on demand

* Use common SearchResult component for data picker

* Wrap data picker search results in `li`

* Fix E2E test selector

* Fix E2E test selector

* Extract BaseSelectListItem component

* Remove redundant prop types

* Switch to custom SelectList for data bucket step

* Remove iconPosition prop from AccordionList

* Fix SelectListItem

* add DimensionInfo component

* reorder imports

* add a max height to the description

* add index.js